A security firm called Doctor Web said nine Android apps with a collective 5.8 million downloads were removed from the Google Play Store for stealing Facebook credentials from their users.
The apps in question were basic utilities that offered image-editing capabilities, horoscope information, and performance optimization features. Doctor Web said the software actually functioned as intended, most likely so users would be more willing to trust them with their data.
“Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts,” Doctor Web said. “However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.”
The firm said Android users should only download apps from reputable developers and be wary if an app asks them to sign in to a service. (The usual advice of only installing apps from trusted platforms doesn’t apply, of course, since these apps were available on the Google Play Store.)
Ars Technica reported that Google banned the developers of these apps from the Play Store after Doctor Web contacted it. That might not be enough to stop them from attempting the scheme again, however, because they can sign up for new developer accounts for just $25.